BIG-IP network appliances remote access vulnerability CVE-2012-1493

"A platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. The vulnerability is caused by a configuration error, and is not the result of an underlying SSH defect."

F5 really outdid themselves on this one. They left a default ssh authorized key for root on all their devices.

We applied the id379600 fix which basically generated a new key and removes the default one on our F5 devices.